-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi David,
David Shaw wrote: > I've been away on vacation and only picked up this thread now. Hope it was relaxing. Welcome back seems like a negative thing to say. ;) > This statement is not correct. Back in the PGP 2.x days, this might > have been true, but with OpenPGP, there is no particular requirement > that the ability to sign and the ability to decrypt are connected. > You can have a shared key with separate capabilities. > > Sending an signed key via encrypted mail does not ensure anything > about the key owner. Marcus and Ingo have very been helpful in providing pretty specific procedures that they've used (and documented) for key signing. I've read with interest the comments that you've made over the years as the topic of keysigning has come up and I'd be very appreciative if you could share a basic outline of the procedure you take or recommend. As I alluded to at the start of this thread, I've been volunteered to give a talk on the process and reason behind key signing at an upcoming meeting of my local LUG. I've been trying to find as many different peoples policies and procedures as I can prior to my presentation to a) refresh my memory and b) prepare for potential questions on why one might use a particular method. I highly respect the methods you've outlined on this list and I think the members of my local LUG could benefit greatly from being exposed to the policy/procedure for handling keys the come across at a key signing party. Thanks much for your efforts on GnuPG. Like OpenSSH, it's one of the applications that I use every single day and would have a hard time living without. - -- Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp ====================================================================== Life is the art of drawing without an eraser. -- John Gardner -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iG0EARECAC0FAkSvRTwmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt ei5hc2MACgkQuv+09NZUB1oIFACg1o1VlJkJc3qnus5D24wxs1+c+nMAnif/DXQB GM8hQmMqt6RFQ6AxQObg =yZQj -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users